NAME

Net::Tshark - Interface for the tshark network capture utility

SYNOPSIS

use Net::Tshark;

# Start the capture process, looking for packets containing HTTP requests and responses
my $tshark = Net::Tshark->new;
$tshark->start(interface => 2, display_filter => 'http');

# Do some stuff that would trigger HTTP requests/responses for 30 s
sleep 30;

# Get any packets captured
$tshark->stop;
my @packets = $tshark->get_packets;

# Extract packet information by accessing each packet like a nested hash
my $src_ip = $packets[0]->{ip}->{src};
my $dst_ip = $packets[0]->{ip}->{dst};

DESCRIPTION

A module that uses the command-line tshark utility to capture packets, parse the output, and format the results as perl hash-like structures.

CONSTRUCTOR

$tshark = Net::Tshark->new(): Returns a newly created Net::Tshark object.

METHODS

$tshark->start(%options)

Parameters:
interface      - network interface to use (1, 2, etc)
capture_filter - capture filter, as used by tshark
display_filter - display filter, as used by tshark
duration       - maximum number of seconds to capture packets for
promiscuous    - set to 0 to disable promiscuous mode (necessary for some WiFi adapters)

$tshark->stop

Terminates the tshark process, stopping any further packet capture. You may still execute get_packets after the tshark process has terminated.

$tshark->is_running

Returns a true value if the tshark process is running, or a false value if the tshark process is not running.

$tshark->get_packet

Retrieves the next available captured packet, or returns undef if no packets are available. Packets are Net::Tshark::Packet objects, which implement much of the same interface as native hashes. Therefore, you can dereference Net::Tshark::Packet objects much as you would nested hashes. In fact, you can even cast a Net::Tshark::Packet object to a real hash:

# Get a packet and access its fields directly
my $packet = $tshark->get_packet;
print "The dst IP is $packet->{ip}->{dst}\n";

# Deep-copy the packet object and store its fields in a native hash
my %packet_hash = %{$packet->hash};
print "The src IP is $packet_hash{ip}->{src}\n";

$tshark->get_packets

Retrieves all available captured packets, or returns an empty list if no packets are available.

 # Get a list of the source ips of all captured IP packets
 my @packets = $tshark->get_packets;
 my @src_ips = map { $_->{ip}->{src} } grep { defined $_->{ip} } @packets;

AUTHOR

Zachary Blair, <zblair@cpan.org>

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.

To install Net::Tshark, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::Tshark

CPAN shell

perl -MCPAN -e shell
install Net::Tshark

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)